alt Hacker NewsWell the idea is that the client should be open source, and audited.
If you run a proprietary app, you have to blindly trust it (just like if you access a webapp).
In terms of security, the best is an open source app, IMO.
Well the idea is that the client should be open source, and audited.
If you run a proprietary app, you have to blindly trust it (just like if you access a webapp).
In terms of security, the best is an open source app, IMO.
Open source helps, but if you didn't build it yourself, you'll need to trust whoever did. F-Droid reproducible builds help in that you only need to trust either F-Droid or the developer, not both.
The browser tends to be safer because it has a stronger sandbox than native apps on a mobile OS. It's meant to be able to run potentially malicious code with a very limited blast radius.